Jiří Hruška <jirka@xxxxxx> writes: > > I've already reviewed 1/5 so I'll summarize what I think of the rest. > Thank you for your time looking at everything, Jonathan. > > I'm sorry for the delay in my reply, I was away for a while and also trying > to get clarity from the cURL side, summarized in [1]. > > [1] https://lore.kernel.org/git/CAGE_+C5u9H8m5faK1vXKk6QTyjcHgKHqxOZy5ptzsYbF_0yrCQ@xxxxxxxxxxxxxx/ > > Most importantly, the bug has been apparently in libcurl only for ~1 year and > it can no longer manifest for a few months. Therefore, the main point of my > changes is a bit moot and we might reconsider what is useful and what is not. Thanks for following up with the Curl side. Even if the Curl bug is fixed now, for what it's worth, I still think that it's worth including this mitigation in Git.
